Oh yes, this can work fine.

AD-DC, time is given to the PCs over the AD. (not NTP directly)..
sure you can configure that, but I didn't.

Members, systemd-timedated uses the AD-DC's NTP to sync.
Standalones (I have 1) same.

The members don't need SNTP to sync time, only the AD-DC <=> Windows
And you can even overrule that, but I'm not doing that.

timedatectl show-timesync
SystemNTPServers="192.168.1.1 192.168.1.2"

For example, this is the network config of my primary member server.

    # /etc/systemd/network/30-bond1.network
    [Match]
    Name=bond1

    [Network]
    DHCP=no
    IPv6PrivacyExtensions=no
    IPv6AcceptRouterAdvertisements=no
    LinkLocalAddressing=no
    DNS=192.168.1.1
    DNS=192.168.1.2
    DNS=192.168.1.3
    Domains=internal.domain.tld
    # Time
    NTP=192.168.1.1
    NTP=192.168.1.2
    NTP=192.168.1.3

    [Address]
    Address=192.168.1.11/24

    [Route]
    Destination=0.0.0.0/0
    Gateway=192.168.1.200

So, I use systemd-networkd (DNS), systemd-timesyncd (NTP),
and systemd-resolved can be used with Domains= so search is always correct.

This removed the need of some packages and less is better in my opinion.

But basically it's this script.
https://raw.githubusercontent.com/thctlo/debian-scripts/master/setup-systemd-networkd.sh

Questions, just ask.

(p.s. I just made this one, I suggest if you use systemd, have a look at it)
https://raw.githubusercontent.com/thctlo/debian-scripts/master/systemd-failure-notification.sh
If any service fails, you get an email.

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Rowland Penny via samba
> Sent: Tuesday 12 October 2021 10:53
> To: samba at lists.samba.org
> Subject: Re: [Samba] Unable to join domain
>
> On Tue, 2021-10-12 at 09:01 +0200, L.P.H. van Belle via samba wrote:
> >
> > > -----Original message-----
> > > From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> > > Rowland Penny via samba
> > > Sent: Monday 11 October 2021 17:08
> > > To: samba at lists.samba.org
> > > Subject: Re: [Samba] Unable to join domain
> > >
> > > On Mon, 2021-10-11 at 09:54 -0500, Patrick Goetz via samba wrote:
> > > > Maybe another thing to work on for the next release? <:)
> > > >
> > > > Or is there a technical reason why this isn't possible?
> > >
> > > It is because only ntp or chrony know anything about 'mssntp' and
> > > 'ntp_signd'
> > >
> > > > I've long ago stopped installing ntp on anything under normal
> > > > conditions, since systemd-timedated just works.
> > >
> > > 'systemd-timedated' only knows 'sntp' so you cannot use it with AD.
> > > It isn't Samba that needs updating to use systemd-timedated, it is
> > > systemd-timedated that needs updating to work with Samba AD.
> > >
> > > Rowland
> >
> > Samba-ad-dc use ntp
> > Samba members systemd-timedated works fine.
> >
> > That's how I run it here.
>
> Then your workstations are not using the DCs as their time servers.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

On Tue, 2021-10-12 at 11:14 +0200, L.P.H. van Belle via samba wrote:
> Oh yes, this can work fine.
>
> AD-DC, time is given to the PCs over the AD. (not NTP directly)..
> sure you can configure that, but I didn't.
>
> Members, systemd-timedated uses the AD-DC's NTP to sync.
> Standalones (I have 1) same.
>
> The members don't need SNTP to sync time, only the AD-DC <=> Windows
> And you can even overrule that, but I'm not doing that.
>
> timedatectl show-timesync
> SystemNTPServers="192.168.1.1 192.168.1.2"
>

I repeat, your clients are not using the DCs directly for time, you
might be okay with this, but I am not, but hey, they are your clients :-)

Rowland

Hi Rowland,

I think you're wrong, maybe I'm wrong.. But I'm pretty sure I'm not.
Or we have a language thingy.. Good possible also. :-/

So, I've looked up my Windows eventlog and this shows..

The time provider NtpClient is currently receiving valid time data from dc1.internal.domain.tld (ntp.d|0.0.0.0:123->192.168.1.1:123).
The time service is now synchronizing the system time with the time source rtd-dc1.internal.domain.tld (ntp.d|0.0.0.0:123->192.168.1.1:123) with reference id 3539577024. Current local stratum number is 4.

All my time is in sync, servers, PCs, routers, switches, and everything works as it should work.
So if you say it's wrong, explain to me why, I can only learn from it.

I've followed this as main guideline.
AD-DC use ntp with 3 stratum 1 NTP servers. (the external source)
Members use the internal NTP servers (the AD-DCs)
Windows clients, I didn't do anything because it's just not needed and these sync also nicely with the AD-DCs.

Port Assignments for the Windows Time Service

NETWORK PORTS USED BY WINDOWS TIME SERVICE
Service name   UDP   TCP
NTP            123
SNTP           123

Setup is according to the Windows Time Service Architecture.

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Rowland Penny via samba
> Sent: Tuesday 12 October 2021 11:28
> To: samba at lists.samba.org
> Subject: Re: [Samba] Unable to join domain
>
> On Tue, 2021-10-12 at 11:14 +0200, L.P.H. van Belle via samba wrote:
> > Oh yes, this can work fine.
> >
> > AD-DC, time is given to the PCs over the AD. (not NTP directly)..
> > sure you can configure that, but I didn't.
> >
> > Members, systemd-timedated uses the AD-DC's NTP to sync.
> > Standalones (I have 1) same.
> >
> > The members don't need SNTP to sync time, only the AD-DC <=> Windows
> > And you can even overrule that, but I'm not doing that.
> >
> > timedatectl show-timesync
> > SystemNTPServers="192.168.1.1 192.168.1.2"
> >
>
> I repeat, your clients are not using the DCs directly for time, you
> might be okay with this, but I am not, but hey, they are your
> clients :-)
>
> Rowland
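
Added example, not part of any message in this thread: the disagreement above is about whether a time exchange with the DC is plain SNTP or the signed form ('mssntp', served through 'ntp_signd'), and that difference is visible in the UDP/123 payload. This Python code classifies a payload by its trailer; the sample packets and the RID 1105 are constructed, and the 20-byte authenticator layout (4-byte key identifier, 16-byte checksum, zeroed in a request) is assumed from the MS-SNTP specification, not taken from the thread.

```python
import struct

NTP_HEADER_LEN = 48   # fixed NTP/SNTP header, all that plain SNTP sends
AUTH_LEN = 20         # assumed layout: 4-byte key identifier + 16-byte checksum
MODES = {3: "client", 4: "server"}


def classify_ntp(payload: bytes) -> dict:
    """Describe one UDP/123 payload: header fields plus authenticator state."""
    if len(payload) < NTP_HEADER_LEN:
        raise ValueError("shorter than an NTP header")
    flags, stratum = payload[0], payload[1]
    info = {
        "version": (flags >> 3) & 0x7,
        "mode": MODES.get(flags & 0x7, "other"),
        "stratum": stratum,
        "auth": "none",      # plain SNTP/NTP: nothing for the receiver to verify
        "key_id": None,
    }
    trailer = payload[NTP_HEADER_LEN:]
    if len(trailer) == AUTH_LEN:
        (info["key_id"],) = struct.unpack("!I", trailer[:4])
        # A signing request carries an all-zero checksum; a signed reply does not.
        info["auth"] = "signed" if any(trailer[4:]) else "requested"
    elif trailer:
        info["auth"] = "unrecognised trailer"
    return info


def build(version: int, mode: int, stratum: int, trailer: bytes = b"") -> bytes:
    """Construct a sample packet; timestamps are left zero for brevity."""
    header = bytes([(version << 3) | mode, stratum]) + bytes(NTP_HEADER_LEN - 2)
    return header + trailer


# Constructed samples, not captures from the thread.
RID = 1105  # hypothetical machine-account RID used as key identifier
SAMPLES = {
    "timesyncd request": build(4, 3, 0),
    "windows request": build(3, 3, 0, struct.pack("!I", RID) + bytes(16)),
    "dc signed reply": build(3, 4, 3, struct.pack("!I", RID) + bytes(range(1, 17))),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:18} {classify_ntp(pkt)}")
```

The code only reports whether an authenticator is present; checking the checksum itself requires the machine account's key, which is what the DC-side signing daemon has access to.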